A large US health care tech company was hacked. It's leading to billing delays and security concerns
A massive U.S. health care technology company says it was attacked by the ransomware group ALPHV, also known as Blackcat
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Health care providers across the country are reeling from a cyberattack on a massive U.S. health care technology company that has threatened the security of patients’ information and is delaying some prescriptions and paychecks for medical workers.
The hack could also disrupt discharging people from the hospital, a major hospital association said.
Change Healthcare announced Thursday that a ransomware group that had claimed responsibility for the attack was at fault. Change Healthcare also said it is assessing the impact of the attack, which it first acknowledged on Feb. 21 and has affected billing and care-authorization portals across the country.
“Patient care is our top priority and we have multiple workarounds to ensure people have access to the medications and the care they need,” Change Healthcare said in a statement.
Owned by UnitedHealth Group, Change Healthcare manages health care technology pipelines, processing 14 billion transactions a year. The company said its investigation determined that Change Healthcare, Optum, UnitedHealthcare and UnitedHealth Group systems have been affected. Change also confirmed Thursday that ransomware group ALPHV, or Blackcat, made the breach. The company didn't respond to a question about whether it paid or negotiated a ransom.
One of the most immediate impacts is that people are seeing delays in getting prescriptions, American Hospital Association spokesperson Ben Teicher said. Change Healthcare said most affected pharmacies are using workarounds like writing things down.
But the severity of the situation may still be unfolding, the American Hospital Association said in an email to The Associated Press. Hospitals are having issues with processing claims, billing patients and checking insurance coverage for care, the AHA said, but the attack also could affect the ability to pay workers and buy medicine and supplies.
“The impact to hospitals is just now really starting to crystallize and as a result has been underreported,” Teicher said. “As a result we can’t really speak to the longer term aftermath, but it can result in hospitals not being able to make payroll or patients still waiting for services to be approved.”
Health systems told the Healthcare Association of New York State that they’ve had trouble with various things, including “an inability to verify patient eligibility and coverage … communicate pharmacy prescriptions, file claims … and receive normal cash flow to support operations, among other issues,” association president Bea Grause said.
Several major health care providers that serve multiple states did not respond to requests for comment.
Cybersecurity experts say ransomware attacks have increased substantially in recent years, especially in the health care sector. This one comes on the heels of an attack last month on a children’s hospital in Chicago, which had to take phone, email and medical records systems offline.
An FBI spokesperson in Tennessee said he could not confirm or deny whether the FBI is investigating.
“As far as we can tell, the attack is being contained,” said Allan Liska, a threat intelligence analyst at Recorded Future. “We don’t think it’s going to get worse. But when you have a critical system like this that’s down for an extended period … the longer it’s down and the longer that recovery takes, the more impact it’s going to have on patient care.”
___
AP correspondent Adrian Sainz in Memphis contributed to this report.
___
The Associated Press Health and Science Department receives support from the Robert Wood Johnson Foundation. The AP is solely responsible for all content.